defining a schema in LDAP

Hi all,
we are using OID for authentication and Oracle 9i DB for authorization.now based on the database schema we hve to come up with a LDAP schema so tht we can move the authorization part in OID.would like to hve some inputs as to how to come up with a OID schema.
Rishi
SCJP,SCWCD

Hello,
It really depends on what you currently have in your database.
If you mostly just associate users with various roles or such within the database, you might be able to simply create various groups to correspond to those various roles. One class that could be used for this purpose is the groupOfUniqueNames class. One could list the people that have that role by listing them inside those group entries.
The alternative is to associate that the user-related authorization information directly within the user entries by extending the inetOrgPerson class or such.
If you are storing information about authorization targets, or roles that associate users/groups, actions, and targets, you'll not find a lot of widely used LDAP schema that can be reused with off-the-shelf components, though this doesn't limit you from using LDAP for this purpose (Netegrity and other products do exactly that).
Clayton